CVE-2024-24568
Suricata http2: header handling evasion
In short
Suricata's HTTP/2 header inspection rules can be bypassed using specially crafted network traffic, allowing malicious content to slip through the security monitoring system undetected.
Technical detail
The HTTP/2 header handling in Suricata prior to version 7.0.3 contains a logic flaw (CWE-284) that lets attackers craft malformed headers to evade rule-based detection. An attacker on the network path can send specially crafted HTTP/2 traffic to bypass security rules, reducing the effectiveness of Suricata's intrusion detection and prevention capabilities.
Summary generated and translated by AI from the official description.
Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to 7.0.3, the rules inspecting HTTP2 headers can get bypassed by crafted traffic. The vulnerability has been patched in 7.0.3.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Affected products
OISF · suricata
References
https://github.com/OISF/suricata/commit/478a2a38f54e2ae235f8486bff87d7d66b6307f0
https://github.com/OISF/suricata/security/advisories/GHSA-gv29-5hqw-5h8c
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GOCOBFUTIFHOP2PZOH4ENRFXRBHIRKK4/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXJIT7R53ZXROO3I256RFUWTIW4ECK6P/
https://redmine.openinfosecfoundation.org/issues/6717